<?php //ver.2011 0.1 - Eugenio Ghiglia <eugenio@blux.org> - 
require('../settings.php');
require('../lib/class.db.php');
$db = new Db();
$db->type='mysql';
$db->error_off();
if ($db->connetti($_db_host, $_db_user, $_db_psw, $_db_name)) {
    if ($_GET['key']) {
        $key=substr(trim($_GET['key']),0,32);
        $sql="SELECT valore FROM tbl_config WHERE parametro='PASSPHRASE' LIMIT 1";
        $db->sql_arr($sql, $record, $n);
        if ($n && $record[0]['valore']) {
            $check_key=md5($record[0]['valore'].date('Ym'));
            if ($check_key==$key) {
                if ($_GET['id']) {
                    $id=(int)$_GET['id'];
                    $sql="SELECT * FROM tbl_annunci WHERE id_annuncio='$id'";
                    $db->sql_arr($sql, $record, $n);
                    if ($n) {
                        switch($_GET['a']) {
                            case 'paid':
                                $sql="UPDATE tbl_annunci 
                                        SET pagato=da_pagare
                                      WHERE id_annuncio='$id'";
                                $db->sql($sql);
                                echo 'OK, pagato';      
                            break;
                            case 'remove':
                                $sql="INSERT INTO tbl_annunci_rimossi SELECT * FROM tbl_annunci WHERE id_annuncio='$id'";
                                $db->sql($sql);
                                $sql="DELETE FROM tbl_annunci WHERE id_annuncio='$id'";
                                $db->sql($sql);
                                echo 'OK, rimosso';
                            break;
                            default:
                                echo 'azione non specificata';
                            break;
                        }
                    } else {
                        echo 'annuncio non trovato';
                    }
                } else {
                    echo 'ID annuncio non specificato';
                }
            } else {
                header('HTTP/1.0 401 Unauthorized');
            }
        }
    }
}
?>
